Threat Modeling with ATT&CK defines how to integrate MITRE ATT&CK® into your organization’s existing threat modeling methodology. This process is intended for universal application to any system or technology stack (large or small) using any existing threat modeling methodology like STRIDE, PASTA, or Attack Trees. To demonstrate its use and applicability to a wide audience of cybersecurity practitioners, we apply this process to a fictional internet-of-things (IOT) system called the Ankle Monitoring Predictor of Stroke (AMPS).
Table Of Contents:
Go to the project website to learn all about the Threat Modeling with ATT&CK process, including detailed steps for applying the process and comprehensive examples based.
| Resource | Description |
|---|---|
| Project Website | The project website describes the comprehensive threat modeling process. |
There are several ways that you can get involved with this project and help advance threat-informed defense:
Please submit issues on GitHub for any technical questions or requests. You may also contact ctid@mitre-engenuity.org directly for more general inquiries about the Center for Threat-Informed Defense.
We welcome your contributions to help advance Threat Modeling with ATT&CK in the form of pull requests. Please review the contributor notice before making a pull request.
© 2024 MITRE Engenuity. Approved for public release. Document number(s) CT0122.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.